06033e611364797823d943175593e1d0e1f06d5e7821fa2604b53ed62b075309

General
Target

06033e611364797823d943175593e1d0e1f06d5e7821fa2604b53ed62b075309

Size

161KB

Sample

210504-bwhem8embs

Score
10 /10
MD5

e6625c3e1f5780bc2e5b104e5457abf0

SHA1

1b4a6d47e1b242f11af5eb24584cae9611ac89fc

SHA256

06033e611364797823d943175593e1d0e1f06d5e7821fa2604b53ed62b075309

SHA512

a38ef156e26fc4f8c3692f1be640c7c2f04e84f834c73c12110c1b0385b3698e50a044d051671b1170b4c4db20eea6cbc2a004f8eef74cef4c395c1344059d84

Malware Config

Extracted

Family dridex
Botnet 40111
C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain
Targets
Target

06033e611364797823d943175593e1d0e1f06d5e7821fa2604b53ed62b075309

MD5

e6625c3e1f5780bc2e5b104e5457abf0

Filesize

161KB

Score
10 /10
SHA1

1b4a6d47e1b242f11af5eb24584cae9611ac89fc

SHA256

06033e611364797823d943175593e1d0e1f06d5e7821fa2604b53ed62b075309

SHA512

a38ef156e26fc4f8c3692f1be640c7c2f04e84f834c73c12110c1b0385b3698e50a044d051671b1170b4c4db20eea6cbc2a004f8eef74cef4c395c1344059d84

Tags

Signatures

  • Dridex

    Description

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    Tags

  • Dridex Loader

    Description

    Detects Dridex both x86 and x64 loader in memory.

    Tags

  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1